qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git
Log | Files | Refs | Submodules | LICENSE

crypto.h (5879B)

      1 /*
      2  * QEMU block full disk encryption
      3  *
      4  * Copyright (c) 2015-2017 Red Hat, Inc.
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  *
     19  */
     20 
     21 #ifndef BLOCK_CRYPTO_H
     22 #define BLOCK_CRYPTO_H
     23 
     24 #define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr)                \
     25     {                                                                   \
     26         .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,                \
     27         .type = QEMU_OPT_STRING,                                        \
     28         .help = helpstr,                                                \
     29     }
     30 
     31 #define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"
     32 
     33 #define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix)                    \
     34     BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
     35         "ID of the secret that provides the AES encryption key")
     36 
     37 #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
     38 #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
     39 #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
     40 #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
     41 #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
     42 #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
     43 #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
     44 #define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot"
     45 #define BLOCK_CRYPTO_OPT_LUKS_STATE "state"
     46 #define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret"
     47 #define BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET "new-secret"
     48 
     49 
     50 #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix)                    \
     51     BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
     52         "ID of the secret that provides the keyslot passphrase")
     53 
     54 #define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)       \
     55     {                                                      \
     56         .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,   \
     57         .type = QEMU_OPT_STRING,                           \
     58         .help = "Name of encryption cipher algorithm",     \
     59     }
     60 
     61 #define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)      \
     62     {                                                      \
     63         .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,  \
     64         .type = QEMU_OPT_STRING,                           \
     65         .help = "Name of encryption cipher mode",          \
     66     }
     67 
     68 #define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)     \
     69     {                                                   \
     70         .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
     71         .type = QEMU_OPT_STRING,                        \
     72         .help = "Name of IV generator algorithm",       \
     73     }
     74 
     75 #define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)        \
     76     {                                                           \
     77         .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,    \
     78         .type = QEMU_OPT_STRING,                                \
     79         .help = "Name of IV generator hash algorithm",          \
     80     }
     81 
     82 #define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)       \
     83     {                                                    \
     84         .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,   \
     85         .type = QEMU_OPT_STRING,                         \
     86         .help = "Name of encryption hash algorithm",     \
     87     }
     88 
     89 #define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)           \
     90     {                                                         \
     91         .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,       \
     92         .type = QEMU_OPT_NUMBER,                              \
     93         .help = "Time to spend in PBKDF in milliseconds",     \
     94     }
     95 
     96 #define BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(prefix)                           \
     97     {                                                                     \
     98         .name = prefix BLOCK_CRYPTO_OPT_LUKS_STATE,                       \
     99         .type = QEMU_OPT_STRING,                                          \
    100         .help = "Select new state of affected keyslots (active/inactive)",\
    101     }
    102 
    103 #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix)              \
    104     {                                                          \
    105         .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT,          \
    106         .type = QEMU_OPT_NUMBER,                               \
    107         .help = "Select a single keyslot to modify explicitly",\
    108     }
    109 
    110 #define BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(prefix)            \
    111     {                                                           \
    112         .name = prefix BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET,        \
    113         .type = QEMU_OPT_STRING,                                \
    114         .help = "Select all keyslots that match this password", \
    115     }
    116 
    117 #define BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(prefix)            \
    118     {                                                           \
    119         .name = prefix BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET,        \
    120         .type = QEMU_OPT_STRING,                                \
    121         .help = "New secret to set in the matching keyslots. "  \
    122                 "Empty string to erase",                        \
    123     }
    124 
    125 QCryptoBlockCreateOptions *
    126 block_crypto_create_opts_init(QDict *opts, Error **errp);
    127 
    128 QCryptoBlockAmendOptions *
    129 block_crypto_amend_opts_init(QDict *opts, Error **errp);
    130 
    131 QCryptoBlockOpenOptions *
    132 block_crypto_open_opts_init(QDict *opts, Error **errp);
    133 
    134 #endif /* BLOCK_CRYPTO_H */